Re: Why everyone uses envelopes but few encrypt emails?

From: "Tom St Denis" <tomstdenis@xxxxxxxxx>
Date: 16 Jun 2006 09:07:07 -0700

privacy concerned wrote:

Except that the MITM now has impersonated you and has taken your secret
message as well. Knowing this after the fact is way too late.

The fact that the recipient can find out that the message has been
spied upon is a deterance for spies. This is similar to an envelope -
you only know that someone has opened the envelope on your letter after
the fact.

No, it's a deterant for the system. If I'm mailing an SSH password
through this, great I can find out if the recipient got it or not, but
only after they say "hey wait my email won't open". At that point the
MITM attacker has already logged on to the box and stole your secrets
[or did damage].

Fundamentally you're still stuck with the "how do we exchange keys in
the first place" a problem which has plagued PGP for years.

The fact that this is all nicely centrally organized on your servers
doesn't speak well for the scheme either. We have to trust that you
can maintain privacy.

Also what of authenticity? You haven't spoken two words about that.

Tom

.

Follow-Ups:
- Re: Why everyone uses envelopes but few encrypt emails?
  - From: privacy concerned

References:
- Why everyone uses envelopes but few encrypt emails?
  - From: privacy concerned
- Re: Why everyone uses envelopes but few encrypt emails?
  - From: Mxsmanic
- Re: Why everyone uses envelopes but few encrypt emails?
  - From: privacy concerned
- Re: Why everyone uses envelopes but few encrypt emails?
  - From: Ed Weir \(ComCast\)
- Re: Why everyone uses envelopes but few encrypt emails?
  - From: privacy concerned

Prev by Date: Re: Why everyone uses envelopes but few encrypt emails?
Next by Date: Re: Why everyone uses envelopes but few encrypt emails?
Previous by thread: Re: Why everyone uses envelopes but few encrypt emails?
Next by thread: Re: Why everyone uses envelopes but few encrypt emails?
Index(es):
- Date
- Thread

Relevant Pages

Re: Update #2 - Re: Google Bobbles NSA wiretap searches
... responder wrote: ... For those unfamiliar with MITM, MITM means man-in-the-middle, and amounts ... Any role in spying is secret ... WASHINGTON -- A United Nations anti-torture panel yesterday urged the ...
(comp.os.linux.security)
Re: Why everyone uses envelopes but few encrypt emails?
... Except that the MITM now has impersonated you and has taken your secret ... Knowing this after the fact is way too late. ... spied upon is a deterance for spies. ...
(sci.crypt)
Re: Why everyone uses envelopes but few encrypt emails?
... Except that the MITM now has impersonated you and has taken your secret ... Knowing this after the fact is way too late. ... spied upon is a deterance for spies. ...
(sci.crypt)
Re: Increasing Attendance at District Banquet
... notify family members of the recipients so they get relatives and close ... We keep it a secret only to the ... We notify family and friends to make sure the recipient ...
(rec.scouting.usa)
Re: Why everyone uses envelopes but few encrypt emails?
... |> Except that the MITM now has impersonated you and has taken your secret ... Knowing this after the fact is way too late. ... Why does the MITM ... your email just for the fun of it. ...
(sci.crypt)